The DHS CISO Supply Chain Risk Program Manager will manage the functional area's risk and opportunity planning, analysis and reporting, including NIST-based cybersecurity supplier due diligence and monitoring, source code analysis, CMMC, and program management office policies, and must understand the supply chain (SC) risk elements of the FAR and DFARS. The position will lead the development of SC policy, support change management efforts across the component, and create training programs to ensure adoption.
The program focuses on the following continuous and iterative steps:
Frame risk – establish the context for risk-based decisions and the current state of the information system or supply chain infrastructure;
Assess risk – review and interpret criticality, threat, vulnerability, likelihood, impact, and related information;
Respond to risk once determined – select, tailor, and implement mitigation controls;
Monitor risk on an ongoing basis – track changes to information systems or supply chain infrastructure and geopolitical concerns and their potential impacts, using effective organizational communications and a feedback loop for continuous improvement; and
Monitor, evaluate and interpret the evolving governance, geopolitical, risk and compliance landscape for information technology and information security.
The DHS SOC Support Service Program has a critical need for a Supply Chain Risk Manager. This is a full-time, funded position based in Washington, DC.
Develop supplier risk assessment protocols, deploy these protocols and conduct supplier audits to assess adherence
Assess, manage, and report on overall cybersecurity posture of our supply base, to include their security policies, procedures, and standards followed.
Design, implement, and maintain controls of functional area risks
Understand current business procedures, problems with those current procedures, and possible solutions that use current modeling technology
Oversee data gathering, exploration and research into current industry trends, publishing the results to a wide technical, executive audience
Coordinate with internal/external teams in designing and developing new systems, processes, and procedures for supply risk management
Stay abreast of emerging cybersecurity trends and communicate risks to supply base
Stay abreast of current geopolitical risks and concerns and communicate risks to supply base and develop potential mitigation plans
Deliver cybersecurity risk and awareness training to the supply base.
Identify and incorporate new regulatory and contractual requirements into our supplier management processes and related Information Security infrastructure.
Minimum Requirements Include:
Bachelor's degree and 8-12 years of related experience required; Master's degree in management, supply chain management, engineering or compliance preferred
Ability to obtain DHS EOD
Strong knowledge of supply chain fundamentals
Working knowledge of ISO/IEC 27001, NIST SP 800-53, NIST SP 800-171 or a similar framework
At least eight (8) years of experience working in a supply chain or supplier quality role
Experience performing supply chain risk assessments to identify and articulate security risks at suppliers
Understanding of cybersecurity controls, including access control, identification and authentication, incident response, and other preventive and detective measures
Experience in working with supplier IT and information security teams to assess, measure, and improve their information security controls to meet internal standards
Ability to analyze data, draw reasonable conclusions and make recommendations that withstand critical examination
Ability to communicate complex analysis to all levels of the organization
Demonstrated technical project management skills
Demonstrated capabilities to organize and track your own work, and the work of others
Demonstrated cross-functional business partnership development
Clear and concise communication skills, with experience presenting to senior executive levels
Knowledge of the Federal Acquisition Regulation (FAR), the Defense Federal Acquisition Regulation Supplement (DFARS), and other agency FAR supplements
Proficiency in MS Word, Excel, Project and PowerPoint
Preferred Qualifications Include:
Past history developing policies and procedures for compliant procurement in a services environment
Fundamental understanding of supplier quality management processes
SharePoint administration
Understanding of where DoD has been with DIACAP and RMF, as well as emerging frameworks like the Cybersecurity Maturity Model Certification (CMMC) and their impact on the supply chain and vendor relations
External Referral Bonus: Eligible
Potential for Telework: No
Clearance Level Required: None
Scheduled Weekly Hours: 40
Job Family: Proj and Prog Management
Leidos is a Fortune 500® information technology, engineering, and science solutions and services leader working to solve the world’s toughest challenges in the defense, intelligence, homeland security, civil, and health markets. The company’s 39,000 employees support vital missions for government and commercial customers. Headquartered in Reston, Virginia, Leidos reported annual revenues of approximately $12.30 billion for the fiscal year ended January 1, 2021. For more information, visit www.Leidos.com.
Pay and Benefits
Pay and benefits are fundamental to any career decision. That's why we craft compensation packages that reflect the importance of the work we do for our customers. Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement. More details are available here.
Securing Your Data
Leidos will never ask you to provide payment-related information at any part of the employment application process. And Leidos will communicate with you only through emails that are sent from a Leidos.com email address. If you receive an email purporting to be from Leidos that asks for payment-related information or any other personal information, please report the email to [email protected].
Commitment to Diversity
All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws.